Abstract

We propose a means for evaluating the strength of network-based moving target defenses using a general model of tag switching. Tag switching breaks the network into tags (labels for entities on the network) and assets (hosts present on the network) whose relationships are moderated by lookup protocols, such as DNS, ARP or BGP. Lookup protocols hide the relationship between tags and assets, and are already used to provide dynamic asset allocation for scaling and defense. Our model provides a generalized means for describing tags and assets within tag spaces defined by the defender and then quantifies the attacker’s ability to manipulate a network within a tag space. Defenders manipulate the tag/asset relationship over time using one of a number of moving target defenses. The impact of these defenses is quantifiable and can be used to determine how effective different defensive postures will be.

Keywords: Defensive Strategy; Content Distribution Network; Intelligence Gathering; Dynamic Asset Allocation; DARPA Information Survivability

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
